P
US10075427B2ActiveUtilityPatentIndex 39

Resetting authentication tokens based on an implicit credential in response to an authentication request missing an authentication token

Assignee: LENOVO SINGAPORE PTE LTDPriority: Mar 31, 2014Filed: Mar 31, 2014Granted: Sep 11, 2018
Est. expiryMar 31, 2034(~7.7 yrs left)· nominal 20-yr term from priority
Inventors:BOWSER ROBERT ACHESTON RICHARD WAYNELOCKER HOWARDWIBRAN GORAN HANSSPRINGFIELD RANDALL SCOTT
H04L 63/0823H04L 63/0861H04L 63/0846
39
PatentIndex Score
0
Cited by
7
References
20
Claims

Abstract

For resetting authentication tokens based on implicit credentials, a method is disclosed that includes receiving, by use of a processor, an authentication request, the request requiring an authentication token, the request not including the authentication token, verifying an implicit credential, and resetting the authentication token in response to the implicit credential matching a predefined credential.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. An apparatus comprising:
 a processor; 
 a memory that stores code executable by the processor to: 
 receive an authentication request from a user, the authentication request usable to authenticate the user, wherein the authentication request requires an authentication token to authorize the user's access of a computing resource; 
 determine whether the authentication token is missing from the authentication request; 
 authenticate the user via the authentication request and the authentication token, in response to determining that the authentication token is not missing from the authentication request; 
 request an implicit credential in response to determining that the authentication token is missing from the authentication request, the user submitting the authentication request without any authentication token, the implicit credential being a different type of credential than the authentication token; 
 receive the implicit credential; 
 identify a time of day and date when the authentication request was received; 
 identify a network address of a device that transmitted the authentication request, wherein the network address is one of an IP address and a MAC address; 
 request an implicit credential in response to the user submitting the authentication request without any authentication token, the implicit credential being a different type of credential than the authentication token; 
 receive the implicit credential; 
 determine whether the time of day and date when the authentication request was received matches a predetermined time range in response to determining that the authentication token is missing from the authentication request; 
 determine whether the network address of the device that transmitted the authentication request matches a predefined network address in response to determining that the authentication token is missing from the authentication request; 
 determine whether the implicit credential matches a predefined credential in response to determining that the authentication token is missing from the authentication request; and 
 reset the authentication token in response to the time of day and date when the authentication request was received matching the predetermined time range, the network address of the device matching the predefined network address, and the implicit credential matching the predefined credential. 
 
     
     
       2. The apparatus of  claim 1 , wherein the authentication token is one of a password and a fingerprint scan, and wherein the implicit credential comprises sensor input selected or combined from the group consisting of a microphone, a biometric scanner, RFID reader and a camera. 
     
     
       3. The apparatus of  claim 1 , wherein the processor further transmits the authentication request to the authority, wherein determining whether the implicit credential matches the predefined credential comprises the authority verifying the implicit credential. 
     
     
       4. The apparatus of  claim 1 , wherein the authentication request includes a reset token selected or combined from the group consisting of a name, an identification number, a location, a mascot, and a cryptographic token, wherein the processor further resets the authentication token in response to verifying the reset token. 
     
     
       5. The apparatus of  claim 1 , wherein the processor further allows temporary access in response to the authentication request. 
     
     
       6. The apparatus of  claim 5 , wherein temporary access is limited to a threshold value, the threshold value selected from the group consisting of a threshold number of authentication requests and a threshold amount of time. 
     
     
       7. A method comprising:
 receiving, by use of a processor and at an authenticating device, an authentication request from a user, the authentication request usable to authenticate the user, wherein the authentication request requires an authentication token to authorize the user's access of a computing resource; 
 determining, by the authenticating device, whether the authentication token is missing from the authentication request; 
 authenticating the user via the authentication request and the authentication token, in response to determining that the authentication token is not missing from the authentication request; 
 requesting an implicit credential in response to determining that the authentication token is missing from the authentication request, the user submitting the authentication request without any authentication token, the implicit credential being a different type of credential than the authentication token; 
 identifying a time of day and date when the authentication request was received and a network address of a device that transmitted the authentication request, wherein the network address is one of an IP address and a MAC address; 
 requesting an implicit credential in response to the user submitting the authentication request without any authentication token, the implicit credential being a different type of credential than the authentication token; 
 determining, by the authenticating device, whether the time of day and date when the authentication request was received matches a predetermined time range in response to determining that the authentication token is missing from the authentication request; 
 determining, by the authenticating device, whether the network address of the device that transmitted the authentication request matches a predefined network address in response to determining that the authentication token is missing from the authentication request; 
 determining, by the authenticating device, whether the implicit credential matches a predefined credential in response to determining that the authentication token is missing from the authentication request; and 
 resetting, by the authenticating device, the authentication token in response to the time of day and date when the authentication request was received matching the predetermined time range, the network address of the device matching the predefined network address, and the implicit credential matching the predefined credential. 
 
     
     
       8. The method of  claim 7 , wherein the authentication token is one of a password and a fingerprint scan, and wherein the implicit credential comprises sensor input selected or combined from the group consisting of a microphone, a biometric scanner, RFID reader and a camera. 
     
     
       9. The method of  claim 7 , further comprising transmitting the authentication request to the authority, wherein determining whether the implicit credential matches the predefined credential comprises receiving a response from the authority. 
     
     
       10. The method of  claim 7 , further comprising allowing temporary access in response to the authentication request. 
     
     
       11. The method of  claim 10 , wherein the temporary access is limited to a threshold value, the threshold value selected from the group consisting of a threshold number of authentication requests and a threshold amount of time. 
     
     
       12. The method of  claim 7 , wherein the authentication request includes a reset token selected or combined from the group consisting of a name, an identification number, a location, a mascot, and a cryptographic token, the method further comprising: resetting the authentication token in response to verifying the reset token. 
     
     
       13. The method of  claim 7 , wherein before receiving the authentication request, the method further includes learning the implicit credential. 
     
     
       14. The method of  claim 7 , the method further includes learning the predetermined time range and the predefined network address from a prior authentication request having a valid authentication token. 
     
     
       15. A program product comprising a non-transitory computer readable storage medium that stores code executable by a processor to perform:
 receiving an authentication request from a user, the authentication request usable to authenticate the user, wherein the authentication request requires an authentication token to authorize the user's access of a computing resource; 
 determining whether the authentication token is missing from the authentication request; 
 authenticating the user via the authentication request and the authentication token, in response to determining that the authentication token is not missing from the authentication request; 
 requesting an implicit credential in response to determining that the authentication token is missing from the authentication request, the implicit credential being a different type of credential than the authentication token; 
 identifying a time of day and date when the authentication request was received and a network address of a device that transmitted the authentication request, wherein the network address is one of an IP address and a MAC address; 
 requesting an implicit credential in response to determining that the authentication token is missing from the authentication request, the implicit credential being a different type of credential than the authentication token; 
 determining whether the time of day and date when the authentication request was received matches a predetermined time range in response to determining that the authentication request is missing the authentication token; 
 determining whether the network address of the device that transmitted the authentication request matches a predefined network address in response to determining that the authentication request is missing the authentication token; 
 determining whether the implicit credential matches a predefined credential in response to determining that the authentication request is missing the authentication token; and 
 resetting the authentication token in response to the time of day and date when the authentication request was received matching the predetermined time range, the network address of the device matching the predefined network address, and the implicit credential matching the predefined credential. 
 
     
     
       16. The program product of  claim 15 , wherein the authentication token is one of a password and a fingerprint scan, and wherein the implicit credential comprises sensor input selected or combined from the group consisting of a microphone, a biometric scanner, RFID reader and a camera. 
     
     
       17. The program product of  claim 15 , wherein the authentication request includes a reset token selected or combined from the group consisting of an identifying name, an identification number, a location, and a cryptographic token, wherein the code further resets the authentication token in response to verifying the reset token. 
     
     
       18. The program product of  claim 15 , the code further allows temporary access in response to the authentication request. 
     
     
       19. The program product of  claim 18 , wherein the temporary access is limited to a threshold value, the threshold value selected from the group consisting of a threshold number of authentication requests and a threshold amount of time. 
     
     
       20. The program product of  claim 15 , wherein the code further transmits the authentication request to the authority, wherein determining whether the implicit credential matches the predefined credential comprises the authority verifying the implicit credential.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.